edx-platform/common/djangoapps/entitlements/api/v1/permissions.py
Anthony Wee 2ab8794c78 INCR-131: Run python-modernize on common/djangoapps/entitlements/api (#20448)
* INCR-131: Run python-modernize on common/djangoapps/entitlements/api

* isort
2019-05-07 13:05:21 -04:00


"""
This module provides a custom DRF Permission class that allows SAFE_METHODS requests from any
authenticated user, and requires staff (``is_staff``) or global support access for all other
request types on an API endpoint.

Note that the check is on ``is_staff`` / support access, not on ``is_superuser``.
"""
from __future__ import absolute_import
from rest_framework.permissions import SAFE_METHODS, BasePermission
from courseware.access import has_access
class IsAdminOrSupportOrAuthenticatedReadOnly(BasePermission):
    """
    Permission class: read-only for authenticated users, writes for staff or support.

    Requests whose method is in DRF's SAFE_METHODS (GET, HEAD, OPTIONS) are
    allowed for any authenticated user. Every other method requires
    ``request.user.is_staff`` or a truthy result from
    ``has_access(request.user, "support", "global")``.

    Only the view-level ``has_permission`` hook is implemented. Object-level
    authorization is not narrowed here (``BasePermission.has_object_permission``
    allows by default), so on the read path this class does not stop one
    authenticated user from reading another user's records.
    NOTE(review): confirm that every view using this class scopes its queryset
    to the data the requesting user is entitled to see.
    """

    def has_permission(self, request, view):
        """
        Decide whether the request may reach the view.

        Returns the user's ``is_authenticated`` value for safe methods; for all
        other methods returns ``is_staff`` if truthy, else whatever
        ``has_access`` returns for the global "support" action.
        """
        user = request.user
        if request.method not in SAFE_METHODS:
            # Mutating request: is_staff is checked first, so has_access is
            # only consulted for non-staff users.
            return user.is_staff or has_access(user, "support", "global")
        # Read-only request: authentication alone is sufficient.
        return user.is_authenticated